An Amazon EC2 instance is in a private subnet. To SSH to the instance, it is required to use a bastion host that has an IP address of 10.0.0.5. SSH logs on the EC2 instance in the private subnet show that connections are being made over SSH from several other IP addresses. The EC2 instance currently has the following inbound security group rules applied: Protocol: TCP Port: 22 Source: 10.0.0.5/32 Source: sg-xxxxxxxx Port: 389 Source: 0.0.0.0/0 What is the MOST likely reason that another IP addresses is able to SSH to the EC2 instance?
A) The rule with 0.0.0.0/0 means SSH is open for any client to connect
B) The rule with /32 is not limiting to a single IP address
C) Any instance belonging to sg-xxxxxxxx is allowed to connect
D) There is an outbound rule allowing SSH traffic

Question

An Amazon EC2 instance is in a private subnet. To SSH to the instance, it is required to use a bastion host that has an IP address of 10.0.0.5. SSH logs on the EC2 instance in the private subnet show that connections are being made over SSH from several other IP addresses. The EC2 instance currently has the following inbound security group rules applied: Protocol: TCP Port: 22 Source: 10.0.0.5/32 Source: sg-xxxxxxxx Port: 389 Source: 0.0.0.0/0 What is the MOST likely reason that another IP addresses is able to SSH to the EC2 instance?
A) The rule with 0.0.0.0/0 means SSH is open for any client to connect
B) The rule with /32 is not limiting to a single IP address
C) Any instance belonging to sg-xxxxxxxx is allowed to connect
D) There is an outbound rule allowing SSH traffic

Quizplus · Accepted Answer

The security group rule with source sg-xxxxxxxx allows any instance associated with that security group to connect to the EC2 instance, which could include instances with different IP addresses.

An Amazon EC2 Instance Is in a Private Subnet